kore.h (32568B)
1 /*
2 * Copyright (c) 2013-2022 Joris Vink <joris@coders.se>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 #ifndef __H_KORE_H
18 #define __H_KORE_H
19
20 #if defined(__APPLE__)
21 #define daemon portability_is_king
22 #endif
23
24 /*
25 * Extremely ugly hack to get past glibc 2.43 its insane implementation
26 * of C23 features shoved down a C99 code base.
27 */
28 #if defined(__GLIBC__)
29 #undef __GLIBC_USE_ISOC23
30 #include <string.h>
31 #endif
32
33 #include <sys/param.h>
34 #include <sys/types.h>
35 #include <sys/time.h>
36 #include <sys/queue.h>
37 #include <sys/stat.h>
38 #include <sys/un.h>
39
40 #include <netinet/in.h>
41 #include <arpa/inet.h>
42
43 #include <errno.h>
44 #include <regex.h>
45 #include <stdarg.h>
46 #include <stdlib.h>
47 #include <stdio.h>
48 #include <string.h>
49 #include <signal.h>
50 #include <syslog.h>
51 #include <unistd.h>
52 #include <stdarg.h>
53
54 #if defined(__cplusplus)
55 extern "C" {
56 #endif
57
58 #if defined(__APPLE__)
59 #undef daemon
60 extern int daemon(int, int);
61 #define st_mtim st_mtimespec
62 #endif
63
64 #if !defined(KORE_NO_SENDFILE)
65 #if defined(__MACH__) || defined(__FreeBSD_version) || defined(__linux__)
66 #define KORE_USE_PLATFORM_SENDFILE 1
67 #endif
68 #endif
69
70 #if defined(__OpenBSD__)
71 #define KORE_USE_PLATFORM_PLEDGE 1
72 #endif
73
74 #if defined(TLS_BACKEND_OPENSSL)
75 #include <openssl/x509.h>
76 #include <openssl/ssl.h>
77 typedef X509 KORE_X509;
78 typedef SSL KORE_TLS;
79 typedef SSL_CTX KORE_TLS_CTX;
80 typedef X509_NAME KORE_X509_NAMES;
81 typedef EVP_PKEY KORE_PRIVATE_KEY;
82 #else
83 typedef void KORE_X509;
84 typedef void KORE_TLS;
85 typedef void KORE_TLS_CTX;
86 typedef void KORE_X509_NAMES;
87 typedef void KORE_PRIVATE_KEY;
88 #endif
89
90 #define KORE_RSAKEY_BITS 4096
91
92 /* Kore quit reasons. */
93 #define KORE_QUIT_NONE -1
94 #define KORE_QUIT_NORMAL 0
95 #define KORE_QUIT_FATAL 1
96
97 #define KORE_RESULT_ERROR 0
98 #define KORE_RESULT_OK 1
99 #define KORE_RESULT_RETRY 2
100
101 #define KORE_TLS_VERSION_1_3 0
102 #define KORE_TLS_VERSION_1_2 1
103 #define KORE_TLS_VERSION_BOTH 2
104
105 #define KORE_BASE64_RAW 0x0001
106
107 #define KORE_WAIT_INFINITE (u_int64_t)-1
108 #define KORE_RESEED_TIME (1800 * 1000)
109
110 #define errno_s strerror(errno)
111 #define ssl_errno_s ERR_error_string(ERR_get_error(), NULL)
112 #define KORE_DOMAINNAME_LEN 255
113 #define KORE_PIDFILE_DEFAULT "kore.pid"
114 #define KORE_DHPARAM_PATH PREFIX "/share/kore/ffdhe4096.pem"
115 #define KORE_DEFAULT_CIPHER_LIST "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256:AEAD-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256"
116
117 #define NETBUF_RECV 0
118 #define NETBUF_SEND 1
119 #define NETBUF_SEND_PAYLOAD_MAX 8192
120 #define SENDFILE_PAYLOAD_MAX (1024 * 1024 * 10)
121
122 #define NETBUF_LAST_CHAIN 0
123 #define NETBUF_BEFORE_CHAIN 1
124
125 #define NETBUF_CALL_CB_ALWAYS 0x01
126 #define NETBUF_FORCE_REMOVE 0x02
127 #define NETBUF_MUST_RESEND 0x04
128 #define NETBUF_IS_STREAM 0x10
129 #define NETBUF_IS_FILEREF 0x20
130
131 #define KORE_X509_COMMON_NAME_ONLY 0x0001
132
133 #define KORE_PEM_CERT_CHAIN 1
134 #define KORE_DER_CERT_DATA 2
135
136 /* XXX hackish. */
137 #if !defined(KORE_NO_HTTP)
138 struct http_request;
139 struct http_redirect;
140 #endif
141
142 #define KORE_FILEREF_SOFT_REMOVED 0x1000
143
144 struct kore_fileref {
145 int cnt;
146 int flags;
147 int ontls;
148 off_t size;
149 char *path;
150 u_int64_t mtime;
151 time_t mtime_sec;
152 u_int64_t expiration;
153 void *base;
154 int fd;
155 TAILQ_ENTRY(kore_fileref) list;
156 };
157
158 struct netbuf {
159 u_int8_t *buf;
160 size_t s_off;
161 size_t b_len;
162 size_t m_len;
163 u_int8_t type;
164 u_int8_t flags;
165
166 struct kore_fileref *file_ref;
167 off_t fd_off;
168 off_t fd_len;
169
170 struct connection *owner;
171 void *extra;
172 int (*cb)(struct netbuf *);
173
174 TAILQ_ENTRY(netbuf) list;
175 };
176
177 TAILQ_HEAD(netbuf_head, netbuf);
178
179 #define KORE_TYPE_LISTENER 1
180 #define KORE_TYPE_CONNECTION 2
181 #define KORE_TYPE_PGSQL_CONN 3
182 #define KORE_TYPE_TASK 4
183 #define KORE_TYPE_PYSOCKET 5
184 #define KORE_TYPE_CURL_HANDLE 6
185
186 #define CONN_STATE_UNKNOWN 0
187 #define CONN_STATE_TLS_SHAKE 1
188 #define CONN_STATE_ESTABLISHED 2
189 #define CONN_STATE_DISCONNECTING 3
190
191 #define CONN_PROTO_UNKNOWN 0
192 #define CONN_PROTO_HTTP 1
193 #define CONN_PROTO_WEBSOCKET 2
194 #define CONN_PROTO_MSG 3
195 #define CONN_PROTO_ACME_ALPN 200
196
197 #define KORE_EVENT_READ 0x01
198 #define KORE_EVENT_WRITE 0x02
199 #define KORE_EVENT_ERROR 0x04
200
201 #define CONN_IDLE_TIMER_ACT 0x0001
202 #define CONN_CLOSE_EMPTY 0x0002
203 #define CONN_WS_CLOSE_SENT 0x0004
204 #define CONN_IS_BUSY 0x0008
205 #define CONN_LOG_TLS_FAILURE 0x0020
206 #define CONN_TLS_ALPN_ACME_SEEN 0x0040
207 #define CONN_TLS_SNI_SEEN 0x0080
208
209 #define KORE_IDLE_TIMER_MAX 5000
210
211 #define WEBSOCKET_OP_CONT 0x00
212 #define WEBSOCKET_OP_TEXT 0x01
213 #define WEBSOCKET_OP_BINARY 0x02
214 #define WEBSOCKET_OP_CLOSE 0x08
215 #define WEBSOCKET_OP_PING 0x09
216 #define WEBSOCKET_OP_PONG 0x0a
217
218 #define WEBSOCKET_BROADCAST_LOCAL 1
219 #define WEBSOCKET_BROADCAST_GLOBAL 2
220
221 #define KORE_TIMER_ONESHOT 0x01
222 #define KORE_TIMER_FLAGS (KORE_TIMER_ONESHOT)
223
224 #define KORE_CONNECTION_PRUNE_DISCONNECT 0
225 #define KORE_CONNECTION_PRUNE_ALL 1
226
227 struct kore_event {
228 int type;
229 int flags;
230 void (*handle)(void *, int);
231 } __attribute__((packed));
232
233 struct connection {
234 struct kore_event evt;
235 int fd;
236 u_int8_t state;
237 u_int8_t proto;
238 struct listener *owner;
239 KORE_TLS *tls;
240 KORE_X509 *tls_cert;
241 char *tls_sni;
242 int tls_reneg;
243
244 u_int16_t flags;
245 void *hdlr_extra;
246
247 int (*handle)(struct connection *);
248 void (*disconnect)(struct connection *);
249 int (*read)(struct connection *, size_t *);
250 int (*write)(struct connection *, size_t, size_t *);
251
252 int family;
253 union {
254 struct sockaddr_in ipv4;
255 struct sockaddr_in6 ipv6;
256 struct sockaddr_un sun;
257 } addr;
258
259 struct {
260 u_int64_t length;
261 u_int64_t start;
262 } idle_timer;
263
264 struct netbuf_head send_queue;
265 struct netbuf *snb;
266 struct netbuf *rnb;
267
268 #if !defined(KORE_NO_HTTP)
269 u_int64_t http_start;
270 u_int64_t http_timeout;
271 struct kore_runtime_call *ws_connect;
272 struct kore_runtime_call *ws_message;
273 struct kore_runtime_call *ws_disconnect;
274 TAILQ_HEAD(, http_request) http_requests;
275 #endif
276
277 TAILQ_ENTRY(connection) list;
278 };
279
280 TAILQ_HEAD(connection_list, connection);
281 extern struct connection_list connections;
282 extern struct connection_list disconnected;
283
284 #define KORE_RUNTIME_NATIVE 0
285 #define KORE_RUNTIME_PYTHON 1
286 #define KORE_RUNTIME_LUA 2
287
288 struct kore_runtime {
289 int type;
290 int (*resolve)(const char *, const struct stat *);
291 #if !defined(KORE_NO_HTTP)
292 int (*http_request)(void *, struct http_request *);
293 void (*http_request_free)(void *, struct http_request *);
294 int (*http_body_chunk)(void *,
295 struct http_request *, const void *, size_t);
296 int (*validator)(void *, struct http_request *, const void *);
297 void (*wsconnect)(void *, struct connection *);
298 void (*wsdisconnect)(void *, struct connection *);
299 void (*wsmessage)(void *, struct connection *,
300 u_int8_t, const void *, size_t);
301 #endif
302 void (*execute)(void *);
303 int (*onload)(void *, int);
304 void (*signal)(void *, int);
305 void (*connect)(void *, struct connection *);
306 void (*configure)(void *, int, char **);
307 };
308
309 struct kore_runtime_call {
310 void *addr;
311 struct kore_runtime *runtime;
312 };
313
314 #if !defined(KORE_NO_HTTP)
315
316 struct kore_route_params {
317 char *name;
318 int flags;
319 u_int8_t method;
320 struct kore_validator *validator;
321
322 TAILQ_ENTRY(kore_route_params) list;
323 };
324
325 struct kore_route {
326 char *path;
327 char *func;
328 int type;
329 int errors;
330 int methods;
331 regex_t rctx;
332 struct kore_domain *dom;
333 struct kore_auth *auth;
334 struct kore_runtime_call *rcall;
335 struct kore_runtime_call *on_free;
336 struct kore_runtime_call *on_headers;
337 struct kore_runtime_call *on_body_chunk;
338
339 TAILQ_HEAD(, kore_route_params) params;
340 TAILQ_ENTRY(kore_route) list;
341 };
342
343 #endif
344
345 struct kore_domain {
346 u_int16_t id;
347 int logerr;
348 u_int64_t logwarn;
349 int accesslog;
350
351 char *domain;
352 struct kore_buf *logbuf;
353 struct kore_server *server;
354
355 #if defined(KORE_USE_ACME)
356 int acme;
357 int acme_challenge;
358 void *acme_cert;
359 size_t acme_cert_len;
360 #endif
361 char *cafile;
362 char *crlfile;
363 char *certfile;
364 char *certkey;
365 KORE_TLS_CTX *tls_ctx;
366 int x509_verify_depth;
367 #if !defined(KORE_NO_HTTP)
368 TAILQ_HEAD(, kore_route) routes;
369 TAILQ_HEAD(, http_redirect) redirects;
370 #endif
371 TAILQ_ENTRY(kore_domain) list;
372 };
373
374 TAILQ_HEAD(kore_domain_h, kore_domain);
375
376 extern struct kore_runtime kore_native_runtime;
377
378 struct listener {
379 struct kore_event evt;
380 int fd;
381 int family;
382 char *port;
383 char *host;
384 struct kore_server *server;
385 struct kore_runtime_call *connect;
386
387 LIST_ENTRY(listener) list;
388 };
389
390 struct kore_server {
391 int tls;
392 char *name;
393 struct kore_domain_h domains;
394 LIST_HEAD(, listener) listeners;
395 LIST_ENTRY(kore_server) list;
396 };
397
398 LIST_HEAD(kore_server_list, kore_server);
399
400 #if !defined(KORE_NO_HTTP)
401
402 #define KORE_PARAMS_QUERY_STRING 0x0001
403
404 #define KORE_AUTH_TYPE_COOKIE 1
405 #define KORE_AUTH_TYPE_HEADER 2
406 #define KORE_AUTH_TYPE_REQUEST 3
407
408 struct kore_auth {
409 u_int8_t type;
410 char *name;
411 char *value;
412 char *redirect;
413 struct kore_validator *validator;
414
415 TAILQ_ENTRY(kore_auth) list;
416 };
417
418 #define HANDLER_TYPE_STATIC 1
419 #define HANDLER_TYPE_DYNAMIC 2
420
421 #endif /* !KORE_NO_HTTP */
422
423 #define KORE_MODULE_LOAD 1
424 #define KORE_MODULE_UNLOAD 2
425
426 #define KORE_MODULE_NATIVE KORE_RUNTIME_NATIVE
427 #define KORE_MODULE_PYTHON KORE_RUNTIME_PYTHON
428 #define KORE_MODULE_LUA KORE_RUNTIME_LUA
429
430 struct kore_module;
431
432 struct kore_module_functions {
433 void (*free)(struct kore_module *);
434 void (*reload)(struct kore_module *);
435 int (*callback)(struct kore_module *, int);
436 void (*load)(struct kore_module *);
437 void *(*getsym)(struct kore_module *, const char *);
438 };
439
440 struct kore_module {
441 void *handle;
442 char *path;
443 char *onload;
444 int type;
445 struct kore_runtime_call *ocb;
446
447 struct kore_module_functions *fun;
448 struct kore_runtime *runtime;
449
450 TAILQ_ENTRY(kore_module) list;
451 };
452
453 /*
454 * The workers get a 128KB log buffer per worker, and parent will fetch their
455 * logs when it reached at least 75% of that or if its been > 1 second since
456 * it was last synced.
457 */
458 #define KORE_ACCESSLOG_BUFLEN 131072U
459 #define KORE_ACCESSLOG_SYNC 98304U
460
461 struct kore_alog_header {
462 u_int16_t domain;
463 u_int16_t loglen;
464 } __attribute__((packed));
465
466 struct kore_privsep {
467 char *root;
468 char *runas;
469 int skip_runas;
470 int skip_chroot;
471 };
472
473 struct kore_worker {
474 u_int16_t id;
475 u_int16_t cpu;
476 int ready;
477 int running;
478 #if defined(__linux__)
479 int tracing;
480 #endif
481 pid_t pid;
482 int pipe[2];
483 struct connection *msg[2];
484 int has_lock;
485 int no_accept;
486 int restarted;
487 u_int64_t time_locked;
488 struct kore_route *active_route;
489 struct kore_privsep *ps;
490
491 /* Used by the workers to store accesslogs. */
492 struct {
493 int lock;
494 size_t offset;
495 char buf[KORE_ACCESSLOG_BUFLEN];
496 } lb;
497 };
498
499 #if !defined(KORE_NO_HTTP)
500
501 #define KORE_VALIDATOR_TYPE_REGEX 1
502 #define KORE_VALIDATOR_TYPE_FUNCTION 2
503
504 struct kore_validator {
505 u_int8_t type;
506 char *name;
507 char *arg;
508 regex_t rctx;
509 struct kore_runtime_call *rcall;
510
511 TAILQ_ENTRY(kore_validator) list;
512 };
513 #endif /* !KORE_NO_HTTP */
514
515 #define KORE_BUF_OWNER_API 0x0001
516
517 struct kore_buf {
518 u_int8_t *data;
519 int flags;
520 size_t length;
521 size_t offset;
522 };
523
524 #define KORE_JSON_TYPE_OBJECT 0x0001
525 #define KORE_JSON_TYPE_ARRAY 0x0002
526 #define KORE_JSON_TYPE_STRING 0x0004
527 #define KORE_JSON_TYPE_NUMBER 0x0008
528 #define KORE_JSON_TYPE_LITERAL 0x0010
529 #define KORE_JSON_TYPE_INTEGER 0x0020
530 #define KORE_JSON_TYPE_INTEGER_U64 0x0040
531
532 #define KORE_JSON_FALSE 0
533 #define KORE_JSON_TRUE 1
534 #define KORE_JSON_NULL 2
535
536 #define KORE_JSON_DEPTH_MAX 10
537
538 #define KORE_JSON_ERR_NONE 0
539 #define KORE_JSON_ERR_INVALID_OBJECT 1
540 #define KORE_JSON_ERR_INVALID_ARRAY 2
541 #define KORE_JSON_ERR_INVALID_STRING 3
542 #define KORE_JSON_ERR_INVALID_NUMBER 4
543 #define KORE_JSON_ERR_INVALID_LITERAL 5
544 #define KORE_JSON_ERR_DEPTH 6
545 #define KORE_JSON_ERR_EOF 7
546 #define KORE_JSON_ERR_INVALID_JSON 8
547 #define KORE_JSON_ERR_INVALID_SEARCH 9
548 #define KORE_JSON_ERR_NOT_FOUND 10
549 #define KORE_JSON_ERR_TYPE_MISMATCH 11
550 #define KORE_JSON_ERR_LAST KORE_JSON_ERR_TYPE_MISMATCH
551
552 #define kore_json_find_object(j, p) \
553 kore_json_find(j, p, KORE_JSON_TYPE_OBJECT)
554
555 #define kore_json_find_array(j, p) \
556 kore_json_find(j, p, KORE_JSON_TYPE_ARRAY)
557
558 #define kore_json_find_string(j, p) \
559 kore_json_find(j, p, KORE_JSON_TYPE_STRING)
560
561 #define kore_json_find_number(j, p) \
562 kore_json_find(j, p, KORE_JSON_TYPE_NUMBER)
563
564 #define kore_json_find_integer(j, p) \
565 kore_json_find(j, p, KORE_JSON_TYPE_INTEGER)
566
567 #define kore_json_find_integer_u64(j, p) \
568 kore_json_find(j, p, KORE_JSON_TYPE_INTEGER_U64)
569
570 #define kore_json_find_literal(j, p) \
571 kore_json_find(j, p, KORE_JSON_TYPE_LITERAL)
572
573 #define kore_json_create_object(o, n) \
574 kore_json_create_item(o, n, KORE_JSON_TYPE_OBJECT)
575
576 #define kore_json_create_array(o, n) \
577 kore_json_create_item(o, n, KORE_JSON_TYPE_ARRAY)
578
579 #define kore_json_create_string(o, n, v) \
580 kore_json_create_item(o, n, KORE_JSON_TYPE_STRING, v)
581
582 #define kore_json_create_number(o, n, v) \
583 kore_json_create_item(o, n, KORE_JSON_TYPE_NUMBER, (double)v)
584
585 #define kore_json_create_integer(o, n, v) \
586 kore_json_create_item(o, n, KORE_JSON_TYPE_INTEGER, (int64_t)v)
587
588 #define kore_json_create_integer_u64(o, n, v) \
589 kore_json_create_item(o, n, KORE_JSON_TYPE_INTEGER_U64, (u_int64_t)v)
590
591 #define kore_json_create_literal(o, n, v) \
592 kore_json_create_item(o, n, KORE_JSON_TYPE_LITERAL, v)
593
594 struct kore_json {
595 const u_int8_t *data;
596 int depth;
597 size_t length;
598 size_t offset;
599
600 struct kore_buf tmpbuf;
601 struct kore_json_item *root;
602 };
603
604 struct kore_json_item {
605 u_int32_t type;
606 char *name;
607 struct kore_json_item *parent;
608
609 union {
610 TAILQ_HEAD(, kore_json_item) items;
611 char *string;
612 double number;
613 int literal;
614 int64_t integer;
615 u_int64_t u64;
616 } data;
617
618 int (*parse)(struct kore_json *,
619 struct kore_json_item *);
620
621 TAILQ_ENTRY(kore_json_item) list;
622 };
623
624 struct kore_pool_entry {
625 u_int8_t state;
626 void *uptr;
627 void *canary;
628 struct kore_pool_entry *nextfree;
629 };
630
631 struct kore_pool {
632 size_t memsz;
633 size_t growth;
634 size_t pagesz;
635 size_t elmlen;
636 size_t uselen;
637 u_int64_t canary;
638 volatile int lock;
639 char *name;
640
641 struct kore_pool_entry *freelist;
642 };
643
644 struct kore_timer {
645 u_int64_t nextrun;
646 u_int64_t interval;
647 int flags;
648 void *arg;
649 void (*cb)(void *, u_int64_t);
650
651 TAILQ_ENTRY(kore_timer) list;
652 };
653
654 /*
655 * Keymgr process is worker index 0, but id 2000.
656 * Acme process is worker index 1, but id 2001.
657 */
658 #define KORE_WORKER_KEYMGR_IDX 0
659 #define KORE_WORKER_ACME_IDX 1
660 #define KORE_WORKER_BASE 2
661 #define KORE_WORKER_KEYMGR 2000
662 #define KORE_WORKER_ACME 2001
663 #define KORE_WORKER_MAX UCHAR_MAX
664
665 #define KORE_WORKER_POLICY_RESTART 1
666 #define KORE_WORKER_POLICY_TERMINATE 2
667
668 /* Reserved message ids, registered on workers. */
669 #define KORE_MSG_WEBSOCKET 1
670 #define KORE_MSG_KEYMGR_REQ 2
671 #define KORE_MSG_KEYMGR_RESP 3
672 #define KORE_MSG_SHUTDOWN 4
673 #define KORE_MSG_ENTROPY_REQ 5
674 #define KORE_MSG_ENTROPY_RESP 6
675 #define KORE_MSG_CERTIFICATE 7
676 #define KORE_MSG_CERTIFICATE_REQ 8
677 #define KORE_MSG_CRL 9
678 #define KORE_MSG_ACCEPT_AVAILABLE 10
679 #define KORE_PYTHON_SEND_OBJ 11
680 #define KORE_MSG_WORKER_LOG 12
681 #define KORE_MSG_FATALX 13
682 #define KORE_MSG_ACME_BASE 100
683
684 /* messages for applications should start at 201. */
685 #define KORE_MSG_APP_BASE 200
686
687 /* Predefined message targets. */
688 #define KORE_MSG_PARENT 1000
689 #define KORE_MSG_WORKER_ALL 1001
690
691 struct kore_msg {
692 u_int8_t id;
693 u_int16_t src;
694 u_int16_t dst;
695 size_t length;
696 };
697
698 struct kore_keyreq {
699 int padding;
700 char domain[KORE_DOMAINNAME_LEN + 1];
701 size_t data_len;
702 u_int8_t data[];
703 };
704
705 struct kore_x509_msg {
706 char domain[KORE_DOMAINNAME_LEN + 1];
707 size_t data_len;
708 u_int8_t data[];
709 };
710
711 #if !defined(KORE_SINGLE_BINARY)
712 extern char *config_file;
713 #endif
714
715 extern pid_t kore_pid;
716 extern int kore_quit;
717 extern int kore_quiet;
718 extern int skip_chroot;
719 extern int skip_runas;
720 extern int kore_mem_guard;
721 extern int kore_foreground;
722
723 extern char *kore_pidfile;
724
725 extern volatile sig_atomic_t sig_recv;
726
727 extern char *kore_rand_file;
728 extern int kore_keymgr_active;
729
730 extern struct kore_privsep worker_privsep;
731 extern struct kore_privsep keymgr_privsep;
732 extern struct kore_privsep acme_privsep;
733
734 extern u_int8_t nlisteners;
735 extern u_int16_t cpu_count;
736 extern u_int8_t worker_count;
737 extern const char *kore_version;
738 extern const char *kore_build_date;
739 extern int worker_policy;
740 extern u_int8_t worker_set_affinity;
741 extern u_int32_t worker_rlimit_nofiles;
742 extern u_int32_t worker_max_connections;
743 extern u_int32_t worker_active_connections;
744 extern u_int32_t worker_accept_threshold;
745 extern u_int64_t kore_websocket_maxframe;
746 extern u_int64_t kore_websocket_timeout;
747 extern u_int32_t kore_socket_backlog;
748
749 extern struct kore_worker *worker;
750 extern struct kore_pool nb_pool;
751 extern struct kore_domain *primary_dom;
752 extern struct kore_server_list kore_servers;
753
754 /* kore.c */
755 void kore_signal(int);
756 void kore_shutdown(void);
757 void kore_signal_trap(int);
758 void kore_signal_setup(void);
759 void kore_proctitle(const char *);
760 void kore_default_getopt(int, char **);
761
762 void kore_server_closeall(void);
763 void kore_server_cleanup(void);
764 void kore_server_free(struct kore_server *);
765 void kore_server_finalize(struct kore_server *);
766 void kore_hooks_set(const char *, const char *, const char *);
767
768 struct kore_server *kore_server_create(const char *);
769 struct kore_server *kore_server_lookup(const char *);
770
771 void kore_listener_accept(void *, int);
772 struct listener *kore_listener_lookup(const char *);
773 void kore_listener_free(struct listener *);
774 struct listener *kore_listener_create(struct kore_server *);
775 int kore_listener_init(struct listener *, int, const char *);
776
777 int kore_sockopt(int, int, int);
778 int kore_server_bind_unix(struct kore_server *,
779 const char *, const char *);
780 int kore_server_bind(struct kore_server *,
781 const char *, const char *, const char *);
782 /* worker.c */
783 void kore_worker_reap(void);
784 int kore_worker_init(void);
785 void kore_worker_privsep(void);
786 void kore_worker_started(void);
787 void kore_worker_shutdown(void);
788 void kore_worker_make_busy(void);
789 void kore_worker_no_accept(u_int8_t);
790 void kore_worker_dispatch_signal(int);
791 int kore_worker_spawn(u_int16_t, u_int16_t, u_int16_t);
792 int kore_worker_keymgr_response_verify(struct kore_msg *,
793 const void *, struct kore_domain **);
794
795 void kore_worker_entry(struct kore_worker *) __attribute__((noreturn));
796
797 struct kore_worker *kore_worker_data(u_int8_t);
798 struct kore_worker *kore_worker_data_byid(u_int16_t);
799
800 /* platform code (linux.c, bsd.c) */
801 void kore_platform_init(void);
802 void kore_platform_sandbox(void);
803 void kore_platform_event_init(void);
804 void kore_platform_event_cleanup(void);
805 void kore_platform_disable_read(int);
806 void kore_platform_disable_write(int);
807 void kore_platform_enable_accept(void);
808 void kore_platform_disable_accept(void);
809 void kore_platform_event_wait(u_int64_t);
810 void kore_platform_event_all(int, void *);
811 void kore_platform_event_level_all(int, void *);
812 void kore_platform_event_level_read(int, void *);
813 void kore_platform_proctitle(const char *);
814 void kore_platform_schedule_read(int, void *);
815 void kore_platform_schedule_write(int, void *);
816 void kore_platform_event_schedule(int, int, int, void *);
817 void kore_platform_worker_setcpu(struct kore_worker *);
818 u_int32_t kore_platform_random_uint32(void);
819
820 #if defined(KORE_USE_PLATFORM_SENDFILE)
821 int kore_platform_sendfile(struct connection *, struct netbuf *);
822 #endif
823
824 #if defined(KORE_USE_PLATFORM_PLEDGE)
825 void kore_platform_pledge(void);
826 void kore_platform_add_pledge(const char *);
827 #endif
828
829 /* tls variants. */
830 #define KORE_X509_NAME_COMMON_NAME 1
831
832 void kore_tls_init(void);
833 void kore_tls_cleanup(void);
834 void kore_tls_dh_check(void);
835 int kore_tls_supported(void);
836 void kore_tls_version_set(int);
837 void kore_tls_keymgr_init(void);
838 void kore_tls_log_version(void);
839 int kore_tls_dh_load(const char *);
840 void kore_tls_seed(const void *, size_t);
841 int kore_tls_ciphersuite_set(const char *);
842 int kore_tls_read(struct connection *, size_t *);
843 void kore_tls_domain_cleanup(struct kore_domain *);
844 int kore_tls_connection_accept(struct connection *);
845 void kore_tls_connection_cleanup(struct connection *);
846 int kore_tls_write(struct connection *, size_t, size_t *);
847 void kore_tls_domain_crl(struct kore_domain *, const void *, size_t);
848 void kore_tls_domain_setup(struct kore_domain *,
849 int, const void *, size_t);
850
851 KORE_PRIVATE_KEY *kore_tls_rsakey_load(const char *);
852 KORE_PRIVATE_KEY *kore_tls_rsakey_generate(const char *);
853
854 int kore_tls_x509_data(struct connection *, u_int8_t **, size_t *);
855 KORE_X509_NAMES *kore_tls_x509_issuer_name(struct connection *);
856 KORE_X509_NAMES *kore_tls_x509_subject_name(struct connection *);
857 int kore_tls_x509name_foreach(KORE_X509_NAMES *, int, void *,
858 int (*)(void *, int, int, const char *,
859 const void *, size_t, int));
860 /* accesslog.c */
861 void kore_accesslog_init(u_int16_t);
862 void kore_accesslog_worker_init(void);
863 void kore_accesslog_run(void *, u_int64_t);
864 void kore_accesslog_gather(void *, u_int64_t, int);
865
866 #if !defined(KORE_NO_HTTP)
867 /* auth.c */
868 int kore_auth_run(struct http_request *, struct kore_auth *);
869 int kore_auth_cookie(struct http_request *, struct kore_auth *);
870 int kore_auth_header(struct http_request *, struct kore_auth *);
871 int kore_auth_request(struct http_request *, struct kore_auth *);
872 void kore_auth_init(void);
873 int kore_auth_new(const char *);
874 struct kore_auth *kore_auth_lookup(const char *);
875 #endif
876
877 /* timer.c */
878 void kore_timer_init(void);
879 void kore_timer_run(u_int64_t);
880 u_int64_t kore_timer_next_run(u_int64_t);
881 void kore_timer_remove(struct kore_timer *);
882 struct kore_timer *kore_timer_add(void (*cb)(void *, u_int64_t),
883 u_int64_t, void *, int);
884
885 /* connection.c */
886 void kore_connection_init(void);
887 void kore_connection_cleanup(void);
888 void kore_connection_prune(int);
889 struct connection *kore_connection_new(void *);
890 void kore_connection_event(void *, int);
891 int kore_connection_nonblock(int, int);
892 void kore_connection_check_timeout(u_int64_t);
893 int kore_connection_handle(struct connection *);
894 void kore_connection_remove(struct connection *);
895 void kore_connection_disconnect(struct connection *);
896 void kore_connection_start_idletimer(struct connection *);
897 void kore_connection_stop_idletimer(struct connection *);
898 void kore_connection_check_idletimer(u_int64_t,
899 struct connection *);
900 int kore_connection_accept(struct listener *,
901 struct connection **);
902 void kore_connection_log(struct connection *,
903 const char *, ...)
904 __attribute__((format (printf, 2, 3)));
905 const char *kore_connection_ip(struct connection *);
906
907 void kore_log_init(void);
908 void kore_log_file(const char *);
909
910 /* config.c */
911 void kore_parse_config(void);
912 void kore_parse_config_file(FILE *);
913 int kore_configure_setting(const char *, char *);
914
915 /* mem.c */
916 void *kore_malloc(size_t);
917 void *kore_mmap_region(size_t);
918 void *kore_calloc(size_t, size_t);
919 void *kore_realloc(void *, size_t);
920 void kore_free(void *);
921 void kore_mem_init(void);
922 void kore_free_zero(void *);
923 void kore_mem_cleanup(void);
924 void kore_mem_untag(void *);
925 void *kore_mem_lookup(u_int32_t);
926 void kore_mem_zero(void *, size_t);
927 void kore_mem_tag(void *, u_int32_t);
928 void *kore_malloc_tagged(size_t, u_int32_t);
929
930 /* pool.c */
931 void *kore_pool_get(struct kore_pool *);
932 void kore_pool_put(struct kore_pool *, void *);
933 void kore_pool_init(struct kore_pool *, const char *,
934 size_t, size_t);
935 void kore_pool_cleanup(struct kore_pool *);
936
937 /* utils.c */
938 void fatal(const char *, ...) __attribute__((noreturn))
939 __attribute__((format (printf, 1, 2)));
940 void fatalx(const char *, ...) __attribute__((noreturn))
941 __attribute__((format (printf, 1, 2)));
942
943 u_int64_t kore_time_ms(void);
944 char *kore_time_to_date(time_t);
945 char *kore_strdup(const char *);
946 time_t kore_date_to_time(const char *);
947 void kore_log(int, const char *, ...)
948 __attribute__((format (printf, 2, 3)));
949 u_int64_t kore_strtonum64(const char *, int, int *);
950 size_t kore_strlcpy(char *, const char *, const size_t);
951 void kore_server_disconnect(struct connection *);
952 int kore_split_string(char *, const char *, char **, size_t);
953 void kore_strip_chars(const char *, const char, char **);
954 int kore_snprintf(char *, size_t, int *, const char *, ...)
955 __attribute__((format (printf, 4, 5)));
956 long long kore_strtonum(const char *, int, long long, long long, int *);
957 double kore_strtodouble(const char *, long double, long double, int *);
958 int kore_base64_encode(const void *, size_t, char **);
959 int kore_base64_decode(const char *, u_int8_t **, size_t *);
960 int kore_base64url_encode(const void *, size_t, char **, int);
961 int kore_base64url_decode(const char *, u_int8_t **, size_t *, int);
962 int kore_x509_issuer_name(struct connection *, char **, int);
963 int kore_x509_subject_name(struct connection *, char **, int);
964
965 void *kore_mem_find(void *, size_t, const void *, size_t);
966 char *kore_text_trim(char *, size_t);
967 char *kore_read_line(FILE *, char *, size_t);
968
969 #if !defined(KORE_NO_HTTP)
970 /* websocket.c */
971 void kore_websocket_handshake(struct http_request *,
972 const char *, const char *, const char *);
973 int kore_websocket_send_clean(struct netbuf *);
974 void kore_websocket_send(struct connection *,
975 u_int8_t, const void *, size_t);
976 void kore_websocket_broadcast(struct connection *,
977 u_int8_t, const void *, size_t, int);
978 #endif
979
980 /* msg.c */
981 void kore_msg_init(void);
982 void kore_msg_worker_init(void);
983 void kore_msg_parent_init(void);
984 void kore_msg_unregister(u_int8_t);
985 void kore_msg_parent_add(struct kore_worker *);
986 void kore_msg_parent_remove(struct kore_worker *);
987 void kore_msg_send(u_int16_t, u_int8_t, const void *, size_t);
988 int kore_msg_register(u_int8_t,
989 void (*cb)(struct kore_msg *, const void *));
990
991 #if !defined(KORE_NO_HTTP)
992 /* filemap.c */
993 void kore_filemap_init(void);
994 void kore_filemap_resolve_paths(void);
995 extern char *kore_filemap_ext;
996 extern char *kore_filemap_index;
997
998 struct kore_route *kore_filemap_create(struct kore_domain *, const char *,
999 const char *, const char *);
1000 #endif
1001
1002 /* fileref.c */
1003 void kore_fileref_init(void);
1004 struct kore_fileref *kore_fileref_get(const char *, int);
1005 struct kore_fileref *kore_fileref_create(struct kore_server *,
1006 const char *, int, off_t, struct timespec *);
1007 void kore_fileref_release(struct kore_fileref *);
1008
1009 /* domain.c */
1010 struct kore_domain *kore_domain_new(const char *);
1011 struct kore_domain *kore_domain_byid(u_int16_t);
1012 struct kore_domain *kore_domain_lookup(struct kore_server *, const char *);
1013
1014 void kore_domain_init(void);
1015 void kore_domain_cleanup(void);
1016 void kore_domain_free(struct kore_domain *);
1017 void kore_module_init(void);
1018 void kore_module_cleanup(void);
1019 void kore_module_reload(int);
1020 void kore_module_onload(void);
1021 int kore_module_loaded(void);
1022 void kore_domain_closelogs(void);
1023 void *kore_module_getsym(const char *, struct kore_runtime **);
1024 void kore_domain_load_crl(void);
1025 void kore_domain_keymgr_init(void);
1026 void kore_domain_callback(void (*cb)(struct kore_domain *));
1027 int kore_domain_attach(struct kore_domain *, struct kore_server *);
1028
1029 #if !defined(KORE_NO_HTTP)
1030 /* route.c */
1031 void kore_route_reload(void);
1032 void kore_route_free(struct kore_route *);
1033 void kore_route_callback(struct kore_route *, const char *);
1034
1035 struct kore_route *kore_route_create(struct kore_domain *,
1036 const char *, int);
1037 int kore_route_lookup(struct http_request *,
1038 struct kore_domain *, int, struct kore_route **);
1039 #endif
1040
1041 /* runtime.c */
1042 size_t kore_runtime_count(void);
1043 struct kore_runtime_call *kore_runtime_getcall(const char *);
1044 struct kore_module *kore_module_load(const char *,
1045 const char *, int);
1046
1047 void kore_runtime_execute(struct kore_runtime_call *);
1048 int kore_runtime_onload(struct kore_runtime_call *, int);
1049 void kore_runtime_signal(struct kore_runtime_call *, int);
1050 void kore_runtime_resolve(const char *, const struct stat *);
1051 void kore_runtime_configure(struct kore_runtime_call *, int, char **);
1052 void kore_runtime_connect(struct kore_runtime_call *, struct connection *);
1053 #if !defined(KORE_NO_HTTP)
1054 int kore_runtime_http_request(struct kore_runtime_call *,
1055 struct http_request *);
1056 void kore_runtime_http_request_free(struct kore_runtime_call *,
1057 struct http_request *);
1058 int kore_runtime_http_body_chunk(struct kore_runtime_call *,
1059 struct http_request *, const void *, size_t);
1060 int kore_runtime_validator(struct kore_runtime_call *,
1061 struct http_request *, const void *);
1062 void kore_runtime_wsconnect(struct kore_runtime_call *, struct connection *);
1063 void kore_runtime_wsdisconnect(struct kore_runtime_call *,
1064 struct connection *);
1065 void kore_runtime_wsmessage(struct kore_runtime_call *,
1066 struct connection *, u_int8_t, const void *, size_t);
1067 #endif
1068
1069 #if !defined(KORE_NO_HTTP)
1070 /* validator.c */
1071 void kore_validator_init(void);
1072 void kore_validator_reload(void);
1073 int kore_validator_add(const char *, u_int8_t, const char *);
1074 int kore_validator_run(struct http_request *, const char *, char *);
1075 int kore_validator_check(struct http_request *,
1076 struct kore_validator *, const void *);
1077 struct kore_validator *kore_validator_lookup(const char *);
1078 #endif
1079
1080 const char *kore_worker_name(int);
1081
1082 /* net.c */
1083 u_int16_t net_read16(u_int8_t *);
1084 u_int32_t net_read32(u_int8_t *);
1085 u_int64_t net_read64(u_int8_t *);
1086 void net_write16(u_int8_t *, u_int16_t);
1087 void net_write32(u_int8_t *, u_int32_t);
1088 void net_write64(u_int8_t *, u_int64_t);
1089
1090 void net_init(void);
1091 void net_cleanup(void);
1092 struct netbuf *net_netbuf_get(void);
1093 int net_send(struct connection *);
1094 int net_send_flush(struct connection *);
1095 int net_recv_flush(struct connection *);
1096 int net_read(struct connection *, size_t *);
1097 int net_write(struct connection *, size_t, size_t *);
1098 void net_recv_reset(struct connection *, size_t,
1099 int (*cb)(struct netbuf *));
1100 void net_remove_netbuf(struct connection *, struct netbuf *);
1101 void net_recv_queue(struct connection *, size_t, int,
1102 int (*cb)(struct netbuf *));
1103 void net_recv_expand(struct connection *c, size_t,
1104 int (*cb)(struct netbuf *));
1105 void net_send_queue(struct connection *, const void *, size_t);
1106 void net_send_stream(struct connection *, void *,
1107 size_t, int (*cb)(struct netbuf *), struct netbuf **);
1108 void net_send_fileref(struct connection *, struct kore_fileref *);
1109
1110 /* buf.c */
1111 void kore_buf_free(struct kore_buf *);
1112 struct kore_buf *kore_buf_alloc(size_t);
1113 void kore_buf_init(struct kore_buf *, size_t);
1114 void kore_buf_append(struct kore_buf *, const void *, size_t);
1115 u_int8_t *kore_buf_release(struct kore_buf *, size_t *);
1116 void kore_buf_reset(struct kore_buf *);
1117 void kore_buf_cleanup(struct kore_buf *);
1118
1119 char *kore_buf_stringify(struct kore_buf *, size_t *);
1120 void kore_buf_appendf(struct kore_buf *, const char *, ...)
1121 __attribute__((format (printf, 2, 3)));
1122 void kore_buf_appendv(struct kore_buf *, const char *, va_list)
1123 __attribute__((format (printf, 2, 0)));
1124 void kore_buf_replace_string(struct kore_buf *,
1125 const char *, const void *, size_t);
1126
1127 /* json.c */
1128 int kore_json_errno(void);
1129 int kore_json_parse(struct kore_json *);
1130 void kore_json_cleanup(struct kore_json *);
1131 void kore_json_item_free(struct kore_json_item *);
1132 void kore_json_init(struct kore_json *, const void *, size_t);
1133 void kore_json_item_tobuf(struct kore_json_item *, struct kore_buf *);
1134 void kore_json_item_attach(struct kore_json_item *, struct kore_json_item *);
1135
1136 const char *kore_json_strerror(void);
1137 struct kore_json_item *kore_json_find(struct kore_json_item *,
1138 const char *, u_int32_t);
1139 struct kore_json_item *kore_json_create_item(struct kore_json_item *,
1140 const char *, u_int32_t, ...);
1141
1142 /* keymgr.c */
1143 void kore_keymgr_run(void);
1144 void kore_keymgr_cleanup(int);
1145
1146 #if defined(__cplusplus)
1147 }
1148 #endif
1149
1150 #endif /* !__H_KORE_H */